cnvd - cnvd-2015-03617

cnvd-2015-03617

Vulnerability from cnvd

Title: HP ThinPro Linux和HP Smart Zero Core存在多个漏洞

Description:

HP ThinPro Linux和HP Smart Zero Core都是美国惠普（HP）公司的操作系统。

HP ThinPro Linux和HP Smart Zero Core存在本地未授权访问漏洞和本地提权漏洞。本地攻击者可利用漏洞获取未授权的访问权限，或提升的权限。

Severity: 中

Patch Name: HP ThinPro Linux和HP Smart Zero Core存在多个漏洞的补丁

Patch Description:

HP ThinPro Linux和HP Smart Zero Core都是美国惠普（HP）公司的操作系统。

HP ThinPro Linux和HP Smart Zero Core存在本地未授权访问漏洞和本地提权漏洞。本地攻击者可利用漏洞获取未授权的访问权限，或提升的权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

用户可参考如下供应商提供的安全公告获得补丁信息： http://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04692275&docLocale=en_US

Reference: http://www.securityfocus.com/bid/74897 http://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=&docId=emr_na-c04692275&docLocale=en_US

Impacted products

Name
['HP ThinPro Linux 5.1 (x86)', 'HP ThinPro Linux 5.0 (x86)', 'HP ThinPro Linux 4.4 (x86)', 'HP ThinPro Linux 4.3 (x86)', 'HP ThinPro Linux 4.2 (x86)', 'HP ThinPro Linux 4.1 (x86)', 'HP Smart Zero Core 4.4 (x86)', 'HP Smart Zero Core 4.4 (ARM)', 'HP Smart Zero Core 4.3 (x86)', 'HP Smart Zero Core 4.3 (ARM)']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "74897"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-2124"
    }
  },
  "description": "HP ThinPro Linux\u548cHP Smart Zero Core\u90fd\u662f\u7f8e\u56fd\u60e0\u666e\uff08HP\uff09\u516c\u53f8\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nHP ThinPro Linux\u548cHP Smart Zero Core\u5b58\u5728\u672c\u5730\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\u548c\u672c\u5730\u63d0\u6743\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u672a\u6388\u6743\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u6216\u63d0\u5347\u7684\u6743\u9650\u3002",
  "discovererName": "HP",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=\u0026docId=emr_na-c04692275\u0026docLocale=en_US",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-03617",
  "openTime": "2015-06-05",
  "patchDescription": "HP ThinPro Linux\u548cHP Smart Zero Core\u90fd\u662f\u7f8e\u56fd\u60e0\u666e\uff08HP\uff09\u516c\u53f8\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nHP ThinPro Linux\u548cHP Smart Zero Core\u5b58\u5728\u672c\u5730\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\u548c\u672c\u5730\u63d0\u6743\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u672a\u6388\u6743\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u6216\u63d0\u5347\u7684\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "HP ThinPro Linux\u548cHP Smart Zero Core\u5b58\u5728\u591a\u4e2a\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "HP ThinPro Linux 5.1 (x86)",
      "HP ThinPro Linux 5.0 (x86)",
      "HP ThinPro Linux 4.4 (x86)",
      "HP ThinPro Linux 4.3 (x86)",
      "HP ThinPro Linux 4.2 (x86)",
      "HP ThinPro Linux 4.1 (x86)",
      "HP Smart Zero Core 4.4 (x86)",
      "HP Smart Zero Core 4.4 (ARM)",
      "HP Smart Zero Core 4.3 (x86)",
      "HP Smart Zero Core 4.3 (ARM)"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/74897\r\nhttp://h20565.www2.hp.com/hpsc/doc/public/display?calledBy=\u0026docId=emr_na-c04692275\u0026docLocale=en_US",
  "serverity": "\u4e2d",
  "submitTime": "2015-06-04",
  "title": "HP ThinPro Linux\u548cHP Smart Zero Core\u5b58\u5728\u591a\u4e2a\u6f0f\u6d1e"
}

CVE-2015-2124 (GCVE-0-2015-2124)

Vulnerability from cvelistv5

Published

2015-06-05 10:00

Modified

2024-08-06 05:02

Severity ?

CWE

Summary

Unspecified vulnerability in Easy Setup Wizard in HP ThinPro Linux 4.1 through 5.1 and Smart Zero Core 4.3 and 4.4 allows local users to bypass intended access restrictions and gain privileges via unknown vectors.

References

▼	URL	Tags
	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04692275	vendor-advisory, x_refsource_HP
	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04692275	vendor-advisory, x_refsource_HP
	http://www.securityfocus.com/bid/74897	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:02:43.322Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SSRT102045",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04692275"
          },
          {
            "name": "HPSBHF03340",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04692275"
          },
          {
            "name": "74897",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74897"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-05-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Easy Setup Wizard in HP ThinPro Linux 4.1 through 5.1 and Smart Zero Core 4.3 and 4.4 allows local users to bypass intended access restrictions and gain privileges via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-01T16:57:01",
        "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "shortName": "hp"
      },
      "references": [
        {
          "name": "SSRT102045",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04692275"
        },
        {
          "name": "HPSBHF03340",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04692275"
        },
        {
          "name": "74897",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74897"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "hp-security-alert@hp.com",
          "ID": "CVE-2015-2124",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Easy Setup Wizard in HP ThinPro Linux 4.1 through 5.1 and Smart Zero Core 4.3 and 4.4 allows local users to bypass intended access restrictions and gain privileges via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SSRT102045",
              "refsource": "HP",
              "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04692275"
            },
            {
              "name": "HPSBHF03340",
              "refsource": "HP",
              "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04692275"
            },
            {
              "name": "74897",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74897"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
    "assignerShortName": "hp",
    "cveId": "CVE-2015-2124",
    "datePublished": "2015-06-05T10:00:00",
    "dateReserved": "2015-02-27T00:00:00",
    "dateUpdated": "2024-08-06T05:02:43.322Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted